Merge pull request #45 from FlipNoteTeam/feat/refresh-token

dungbik · web-flow · commit fea44302d72b · 2025-09-15T23:42:36.000+09:00
Fix: 초당 2번 이상의 요청이 올 경우 같은 토큰 발급되는 오류 수정
diff --git a/src/main/java/project/flipnote/common/security/dto/AuthPrinciple.java b/src/main/java/project/flipnote/common/security/dto/AuthPrinciple.java
@@ -29,7 +29,7 @@ public static AuthPrinciple from(project.flipnote.auth.entity.UserAuth account)
 	}
 
 	public static AuthPrinciple from(Claims claims) {
-		long authId = Long.parseLong(claims.getId());
+		long authId = claims.get(JwtConstants.AUTH_ID, Long.class);
 		long userId = claims.get(JwtConstants.USER_ID, Long.class);
 		AccountRole userRole = AccountRole.from(
 			claims.get(JwtConstants.ROLE, String.class)
diff --git a/src/main/java/project/flipnote/common/security/jwt/JwtComponent.java b/src/main/java/project/flipnote/common/security/jwt/JwtComponent.java
@@ -12,19 +12,23 @@
 import io.jsonwebtoken.security.Keys;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import project.flipnote.auth.entity.UserAuth;
 import project.flipnote.auth.model.TokenPair;
 import project.flipnote.auth.service.TokenVersionService;
 import project.flipnote.common.security.dto.AuthPrinciple;
 import project.flipnote.common.security.exception.CustomSecurityException;
 import project.flipnote.common.security.exception.SecurityErrorCode;
 
+@Slf4j
 @RequiredArgsConstructor
 @Component
 public class JwtComponent {
 
 	private final JwtProperties jwtProperties;
 	private final TokenVersionService tokenVersionService;
+	private final TokenIdGenerator tokenIdGenerator;
+
 	private SecretKey secretKey;
 
 	@PostConstruct
@@ -63,7 +67,8 @@ private String generateToken(AuthPrinciple userAuth, Date expiration) {
 
 		return Jwts.builder()
 			.subject(userAuth.email())
-			.id(String.valueOf(userAuth.authId()))
+			.id(tokenIdGenerator.generate())
+			.claim(JwtConstants.AUTH_ID, userAuth.authId())
 			.claim(JwtConstants.USER_ID, userAuth.userId())
 			.claim(JwtConstants.ROLE, userAuth.role().name())
 			.claim(JwtConstants.TOKEN_VERSION, userAuth.tokenVersion())
diff --git a/src/main/java/project/flipnote/common/security/jwt/JwtConstants.java b/src/main/java/project/flipnote/common/security/jwt/JwtConstants.java
@@ -10,6 +10,7 @@ public final class JwtConstants {
 
 	public static final String ROLE = "role";
 	public static final String TOKEN_VERSION = "token_version";
+	public static final String AUTH_ID = "auth_id";
 	public static final String USER_ID = "user_id";
 
 	public static final String AUTH_HEADER = "Authorization";
diff --git a/src/main/java/project/flipnote/common/security/jwt/TokenIdGenerator.java b/src/main/java/project/flipnote/common/security/jwt/TokenIdGenerator.java
@@ -0,0 +1,16 @@
+package project.flipnote.common.security.jwt;
+
+import java.security.SecureRandom;
+
+import org.springframework.stereotype.Component;
+
+@Component
+public class TokenIdGenerator {
+
+	private final SecureRandom random = new SecureRandom();
+
+	public String generate() {
+		long value = Math.abs(random.nextLong());
+		return Long.toString(value);
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public static AuthPrinciple from(project.flipnote.auth.entity.UserAuth account)`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`public static AuthPrinciple from(Claims claims) {`
`32`		`- long authId = Long.parseLong(claims.getId());`
	`32`	`+ long authId = claims.get(JwtConstants.AUTH_ID, Long.class);`
`33`	`33`	`long userId = claims.get(JwtConstants.USER_ID, Long.class);`
`34`	`34`	`AccountRole userRole = AccountRole.from(`
`35`	`35`	`claims.get(JwtConstants.ROLE, String.class)`